Fraud losses have risen by 30 percent, with a new emphasis on authorised push payment (APP) fraud, according to trade association UK Finance.
In the first half of 2021, APP fraud losses stood at £355.3m, an increase of 71 percent. This is the first time that losses to APP fraud have overtaken losses to card fraud in the UK.
APP fraud happens when a person or business is tricked into sending money to a fraudster who poses as a genuine payee.
“Fraudsters are increasingly exploiting a known weakness in the UK banking system where names are not systematically checked against bank account details,” said Ed Adshead-Grant, general manager at Bottomline Technologies, a business payments platform.
The remote working environment created by COVID-19 has led to a sharp increase in impersonations, he continued.
With online retail growing, purchase scams were the most common form of APP fraud, accounting for almost half of all APP cases.
Impersonation scams also saw losses amounting to £129.3m — up 123 percent — as criminals posed as delivery companies, the NHS and government departments by sending out scam texts and emails.
The latest figures show the sheer scale of fraud taking place in the UK and highlight clearly the need for coordinated action to address this threat, said Katy Worobec, managing director of economic crime at UK Finance.
“The latest fraud stats are truly shocking,” said Adshead-Grant.
Confirmation of Payee (CoP) is the obvious industry choice for stemming these fraudulent losses, he told VIXIO. However, without the Payments Systems Regulator (PSR) either mandating its use by UK banks or being clearer about firms’ liabilities in this area, the market will continue to fail consumers and businesses.
“The banking and finance industry invests billions in advanced systems to try and stop fraud happening in the first place, but criminals are exploiting weaknesses outside of banks’ control to trick customers into making payments directly to them,” Worobec pointed out, adding that UK Finance is calling for coordinated action and renewed efforts from the government and other organisations to tackle this threat to national security.
Last week, consumer trade group Which? called on regulators to make banks do more to protect the victims of fraud and to provide them with fair reimbursement. Reimbursement rates remain high, despite the Contingent Reimbursement Model (CRM) Code.
The CRM code came into effect in May 2019, albeit voluntarily.
However, according to Which?, banks found that victims were at least partly responsible for their losses in 77 percent of cases assessed in the first 14 months of the code.
In addition, data from the Financial Ombudsman Service (FOS) indicates that banks are getting most of these decisions wrong, with 73 percent of complaints about APP fraud upheld in favour of consumers in 2020 and 2021 so far.
“This is the same old story,” said Mark Falcon, director at the consultancy, Zephyre, noting a failure of governance at Pay.UK and with Faster Payments, on which APP fraud is committed.
“There is a failure to mandate Faster Payments scheme rules that require all banks and other payment service providers that participate in Faster Payments to implement fraud reduction measures, related liability rules and consumer protection,” he said.
Regulatory intervention is essential as banks have failed to prioritise CoP, said Adshead-Grant.
“The PSR needs to mandate the use of CoP for all banks operating in the UK and also be clearer on the liability of losses,” he said, adding that the current situation has created “the perfect storm” for losses.
When approached for comment, a spokesperson for the PSR told VIXIO that banks have reported that COVID-19 has resulted in an increase in certain types of impersonation scams — notably to do with vaccinations and high-yield investments.
“The work we started earlier this year, in our two call for views, on APP scams and on widening the scope of Confirmation of Payee, has helped us to explore what actions we needed to take to prevent APP scams and also to help those who fall victim,” the spokesperson continued.
Furthermore, in October, the PSR will be consulting the public about the actions it should take to counteract APP fraud further, the spokesperson said.
These could include: making sure everyone can see how banks and building societies handle APP scams, by requiring them to publish their APP scam data, including reimbursement and repatriation levels; making it harder for fraudsters, by requiring banks and building societies to take a standardised approach to sharing data which will help identify these scams to stop them from happening in the first place; and extending the protection of customers at all banks and building societies “at a minimum standard by changing payment system rules”.